WhatsApp Group Admin

Security checks across malware telemetry and agentic risk

Overview

This skill is read-only and purpose-related, but it needs Review because it reads local WhatsApp credential/profile state to enumerate group metadata without clearly disclosing that access to users.

Install only if you are comfortable letting the agent inspect your local OpenClaw WhatsApp state directory and display cached group metadata in the conversation. Prefer using parse-link or create-template when local state is not needed, and run list/info only when you explicitly want cached group IDs, names, and member counts exposed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Context-Inappropriate Capability

Medium
Confidence: 92%
Finding
The script directly reads from the user's local WhatsApp state/credential directory under ~/.openclaw (or OPENCLAW_STATE_DIR) to enumerate group metadata. Even if intended for admin utilities, this accesses sensitive local application state beyond simple input-driven processing and can expose private group IDs, membership-derived counts, and related metadata without clear consent boundaries.

Missing User Warnings

Medium
Confidence: 95%
Finding
The code reads contacts.json and correlates it with group identifiers to enrich output with group names, but provides no user-facing disclosure that credential-derived contact and group data are being accessed. This increases privacy risk because users invoking an apparently simple admin helper may unknowingly expose local WhatsApp-derived metadata to the tool or downstream consumers of its JSON output.

VirusTotal

64/64 vendors flagged this skill as clean.
